Lesley Carhart
Aug 22, 2018
This was a timely discussion for me.

I had a chat with a friend who is demoing a popular threat detection network appliance the other day.

He’s a network admin and was thrown off by the sales pitch the vendor gave where they insisted they don’t use signatures.
So I had to launch into a 40-minute-long diatribe on the semantics and politics of the term “signature” as it relates to security. To do what the product did, it absolutely did have to use signatures as part of some detections. But the term “signature” is considered unmarketable.
We in infosec have this unfortunate habit of losing ownership of our terminology to sales, marketing, and media. Buzzwords are key, to the peril of technical accuracy.

“Signatures” are not necessarily the static code strings of 1999 and are quite useful in exploit detection.
And just because a product combines behavioral or statistical data with some combinations of static strings or regular expressions, that doesn’t mean their product is “signature free” or purely AI-based. That’s ridiculous.
In security, the concept of “defense in depth” crops up across verticals and layers and this is no exception. Use the detection tools that are useful in combination with one another to build the best layered detection possible.
Just because *static signatures* aren’t great at picking up polymorphic code or other modern malware evasion techniques doesn’t mean signatures as a general security concept should be removed or that vendors should overtly lie about their use.
Yes, there are additional ways (discussed in the aforementioned paper) to detect threats. And those should be included, combined, and pursued. Just don’t let buzzword hype limit your detection toolkit.
Oh, and I won’t name the vendor, but be very wary and ask pointed questions when any sales team tells you their detection product uses no signatures.
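As an added illustration of the layered-detection point made in the thread (example code written for this page, not code from the thread's author or from the vendor discussed): a toy detector with a regex "signature" layer and a statistical "behavioral" layer, both run over the same constructed event stream. The rule names, thresholds, and sample events are all assumptions; the point it shows is that each layer catches something the other misses, so a product that uses both is neither "signature free" nor weakened by having signatures.

```python
"""Defense in depth for detection: a signature layer plus a behavioral layer.

Constructed example. Patterns, thresholds and events are illustrative
assumptions, not rules from any real product.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int       # seconds since start of the (constructed) capture
    host: str
    user: str
    kind: str     # "proc" (process start) or "auth" (logon attempt)
    detail: str   # command line for "proc"; "success" or "fail" for "auth"


@dataclass(frozen=True)
class Alert:
    layer: str    # "signature" or "behavioral"
    rule: str
    host: str
    ts: int


# Layer 1: signatures. Human-written patterns: cheap and precise, but blind to
# anything they do not literally describe. Both patterns are assumptions.
SIGNATURES = {
    "encoded-powershell": re.compile(
        r"powershell(\.exe)?\b.*\s-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "certutil-urlcache": re.compile(r"certutil(\.exe)?\b.*-urlcache", re.I),
}


def signature_layer(events):
    """Match every process-start event against each signature."""
    alerts = []
    for ev in events:
        if ev.kind != "proc":
            continue
        for name, pat in SIGNATURES.items():
            if pat.search(ev.detail):
                alerts.append(Alert("signature", name, ev.host, ev.ts))
    return alerts


# Layer 2: behavioral/statistical. Knows no strings at all; it only looks at
# how events cluster in time. Thresholds are assumptions.
FAIL_THRESHOLD = 5   # this many failed logons for one host/user pair ...
WINDOW = 60          # ... within this many seconds, then a success, fires.


def behavioral_layer(events):
    """Sliding-window count of failures per (host, user) followed by a success."""
    alerts = []
    recent_fails = defaultdict(deque)   # (host, user) -> timestamps of failures
    fired = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind != "auth":
            continue
        key = (ev.host, ev.user)
        window = recent_fails[key]
        while window and ev.ts - window[0] > WINDOW:
            window.popleft()            # drop failures older than the window
        if ev.detail == "fail":
            window.append(ev.ts)
        elif ev.detail == "success" and len(window) >= FAIL_THRESHOLD and key not in fired:
            alerts.append(Alert("behavioral", "bruteforce-then-success", ev.host, ev.ts))
            fired.add(key)              # one alert per host/user pair
    return alerts


def detect(events):
    """The layered result: union of both layers, deduplicated, in time order."""
    alerts = signature_layer(events) + behavioral_layer(events)
    return sorted(set(alerts), key=lambda a: (a.ts, a.layer, a.rule))


# Constructed sample stream. The encoded blob is base64 of a run of 'A's, not a
# real payload. Neither layer alone sees both incidents.
SAMPLE = [
    Event(10, "ws01", "alice", "proc", "cmd.exe /c whoami"),
    Event(12, "ws01", "alice", "proc",
          "powershell.exe -nop -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"),
    *[Event(100 + i * 5, "srv02", "svc_backup", "auth", "fail") for i in range(6)],
    Event(140, "srv02", "svc_backup", "auth", "success"),
    Event(150, "srv02", "svc_backup", "proc", "notepad.exe report.txt"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(f"t={alert.ts:>4} {alert.layer:<10} {alert.rule:<25} {alert.host}")
```

The signature layer fires only on the encoded-PowerShell command line on ws01; the behavioral layer fires only on the six failures followed by a success on srv02, where no command line ever matched a pattern. Dropping either layer to satisfy a marketing claim loses one of the two incidents.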
